Summary
There is a vulnerability in the current version of osTicket that allows an attacker to upload a PHP script and then access it, causing it to execute.
This vulnerability is being actively exploited by attackers to take over servers. This script tries to detect infected servers.
Solution
1) Remove any PHP files from the /attachments/ directory.
2) Place an index.html file there to prevent directory listing of that directory.
3) Upgrade osTicket to the latest version.
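A local check for steps 1 and 2, as an added example that is not part of the original advisory or of osTicket. The function names, the list of extensions treated as PHP, and the content check for a PHP open tag are assumptions; pass the path of your own attachments directory.

```sh
#!/bin/sh
# Added example: audit an osTicket attachments directory for steps 1 and 2.
# The directory path is supplied by the caller; nothing here is osTicket code.

# Print every file under $1 that looks like PHP, either by name
# (.php, .php5, .phtml, .phar, or a double extension such as x.php.jpg)
# or by content (a PHP open tag anywhere in the file).
# Assumption: file names contain no newlines.
find_php_uploads() {
    find "$1" -type f | while IFS= read -r f; do
        lower=$(printf '%s' "$f" | tr 'A-Z' 'a-z')
        case $lower in
            *.php|*.php[0-9]|*.phtml|*.phar|*.php.*)
                printf '%s\n' "$f"
                continue ;;
        esac
        # -a: treat binary uploads as text; -F: match the tag literally
        if grep -qaiF '<?php' "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Succeeds when the directory holds the index.html that step 2 asks for.
has_index_html() {
    [ -f "$1/index.html" ]
}

# Report both findings; return 0 only when the directory passes both checks.
audit_attachments() {
    status=0
    hits=$(find_php_uploads "$1")
    if [ -n "$hits" ]; then
        printf 'PHP files to review and remove (step 1):\n%s\n' "$hits"
        status=1
    fi
    if ! has_index_html "$1"; then
        printf 'index.html missing in %s (step 2)\n' "$1"
        status=1
    fi
    return $status
}

# Run the audit only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_attachments "$1"
fi
```

A file flagged only by the content check can be a legitimate attachment that merely quotes PHP code, so review the hits before deleting.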
Severity
Classification
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C